06-05-2014 12:54 PM
by Dan Goodin - June 5 2014
The Linux operating system kernel has been patched against yet another flaw that leaves servers in some shared Web hosting environments susceptible to hijacking.
The vulnerability, formally cataloged as CVE-2014-3153, is located in the futex subsystem of Linux, according to an advisory published Thursday by Debian, a distributor of the open source OS. The flaw allows untrusted users with unprivileged system access to escalate their control. From there, they can crash the system or do other nefarious things, including possibly executing malicious code.
"Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall," the advisory stated. "An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation."
06-07-2014 12:10 PM
By paganinip on June 7th, 2014
Numerous security flaws have been discovered and fixed in the Linux kernel, patch management for these vulnerabilities is critical to avoid that attackers could have led to a denial of service or privilege escalation.
Debian yesterday issued a new security update to warn its Linux users about the presence of new vulnerabilities that could be exploited for the above reasons. The vulnerabilities are